This document provides a sample configuration for Web Cache Communication Protocol (WCCP) version 2 on the Catalyst 3550 with Cisco Content Engine 560.
For more information on document conventions, see the Cisco Technical Tips Conventions.
There are no specific prerequisites for this document.
This configuration was developed and tested using the following software and hardware versions.
Cisco Catalyst 3550 running Cisco IOS® Software Release 12.1(11)EA1a
Cisco Content Engine 560 running Cisco Application & Content Networking Software (ACNS) Release 4.2.3
The information presented in this document was created from devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If you are working in a live network, ensure that you understand the potential impact of any command before using it.
In this section, you are presented with the information to configure the features described in this document.
This document uses the network setup shown in the diagram below.
This document uses the configurations shown below.
Content Engine 560
GIULIO#sh run Building configuration... Current configuration : 3426 bytes ! version 12.1 no service pad service timestamps debug uptime service timestamps log uptime ! hostname GIULIO ! enable password ww ! ip subnet-zero ip routing !--- Only TCP port 80 may be redirected. !--- You need to issue the sdm prefer extended-match command !--- on the switch. Refer to the Verify and Troubleshoot section for !--- further information. ip wccp web-cache ! ! spanning-tree extend system-id ! ! ! interface FastEthernet0/1 no switchport ip address 10.48.66.217 255.255.254.0 ! interface FastEthernet0/2 no ip address ! interface FastEthernet0/3 no ip address ! interface FastEthernet0/4 no ip address ! interface FastEthernet0/5 no ip address ! interface FastEthernet0/6 no ip address ! interface FastEthernet0/7 no ip address ! interface FastEthernet0/8 no ip address ! interface FastEthernet0/9 no ip address ! interface FastEthernet0/10 no ip address ! interface FastEthernet0/11 no ip address ! interface FastEthernet0/12 no ip address ! interface FastEthernet0/13 no ip address ! interface FastEthernet0/14 no ip address ! interface FastEthernet0/15 no ip address ! interface FastEthernet0/16 no switchport ip address 18.104.22.168 255.255.255.0 duplex full speed 100 ! interface FastEthernet0/17 no ip address ! interface FastEthernet0/18 no ip address ! interface FastEthernet0/19 no ip address ! interface FastEthernet0/20 no ip address ! interface FastEthernet0/21 no ip address ! interface FastEthernet0/22 no ip address ! interface FastEthernet0/23 no ip address ! interface FastEthernet0/24 no ip address ! interface FastEthernet0/25 no ip address ! interface FastEthernet0/26 no ip address ! interface FastEthernet0/27 no ip address ! interface FastEthernet0/28 no ip address ! interface FastEthernet0/29 no ip address ! interface FastEthernet0/30 no ip address ! interface FastEthernet0/31 no ip address ! interface FastEthernet0/32 no ip address ! interface FastEthernet0/33 no ip address ! interface FastEthernet0/34 no ip address ! interface FastEthernet0/35 no ip address ! interface FastEthernet0/36 no ip address ! interface FastEthernet0/37 no ip address ! interface FastEthernet0/38 no ip address ! interface FastEthernet0/39 no ip address ! interface FastEthernet0/40 no ip address ! interface FastEthernet0/41 no ip address ! interface FastEthernet0/42 no ip address ! interface FastEthernet0/43 no ip address ! interface FastEthernet0/44 no ip address ! interface FastEthernet0/45 no ip address ! interface FastEthernet0/46 no ip address ! interface FastEthernet0/47 no ip address ! interface FastEthernet0/48 !--- On this WCCP implementation, only input redirection is allowed. no switchport ip address 22.214.171.124 255.255.255.0 ip wccp web-cache redirect in ! interface GigabitEthernet0/1 no ip address ! interface GigabitEthernet0/2 no ip address ! ! !--- This access list 100, if associated as 'in' to Fa0/48, !--- can show if packets are reaching the Catalyst from the PC client. access-list 100 permit tcp any eq www any log access-list 100 permit tcp any any eq www log access-list 100 permit any any any log ip default-gateway 10.48.66.1 ip classless ip route 0.0.0.0 0.0.0.0 10.48.66.1 ip http server ! ! ! ! line con 0 exec-timeout 0 0 password cisco line vty 0 4 exec-timeout 0 0 password ww login line vty 5 15 login ! end GIULIO#
|Content Engine 560|
agra#sh run hostname agra ! ! ! ! ! !--- The Standby feature on the Content Engine is optional in the !--- implementation, but it works fine with the Catalyst. interface FastEthernet 0/0 ip address 126.96.36.199 255.255.255.0 standby 1 ip 188.8.131.52 255.255.255.0 standby 1 priority 120 no autosense bandwidth 100 full-duplex exit interface FastEthernet 0/1 ip address 184.108.40.206 255.255.255.0 standby 1 ip 220.127.116.11 255.255.255.0 standby 1 priority 80 no autosense bandwidth 100 full-duplex exit ! ! ip default-gateway 18.104.22.168 ! primary-interface FastEthernet 0/0 ! ! ! ! !--- The logging console is only used for troubleshooting, as it may cause !-- high CPU on the Content Engine in production. logging console enable logging console priority debug ! ! ! ! ! ! ! wccp router-list 1 22.214.171.124 wccp web-cache router-list-num 1 l2-redirect !--- The assign-method-strict is not necessary. wccp version 2 !--- Catalyst 3550 implementation of WCCP allows only Layer 2 redirection, !--- and not generic routing encapsulation (GRE). In addition, only TCP !--- port 80 may be redirected. ! ! username admin password 1 bVmDmMMmZAPjY username admin privilege 15 ! ! ! ! authentication login local enable primary authentication configuration local enable primary ! ! agra#
This section provides information you can use to confirm that your configuration is working properly and to troubleshoot further.
In order to enable WCCP redirection in the Catalyst switch, you need to issue the sdm prefer extended-match command (and reboot the switch). By issuing the show sdm prefer command, you are able to see the actual configuration of the TCAM/ASIC Hardware in the switch.
As the implementation of WCCP in the Catalyst 3550 is limited, issuing the show ip wccp command does not show the number of packets being redirected. This index remains at 0. Also, the same Catalyst may have multiple Content Engines in the cache farm, but only one WCCP Catalyst is allowed. The output of the show ip wccp command on the Catalyst is shown below.
GIULIO#sh ip wccp
Global WCCP information: Router information: Router Identifier: 126.96.36.199 Protocol Version: 2.0 Service Identifier: web-cache Number of Cache Engines: 1 Number of routers: 1 Total Packets Redirected: 0 Redirect access-list: -none- Total Packets Denied Redirect: 0 Total Packets Unassigned: 0 Group access-list: -none- Total Messages Denied to Group: 0 Total Authentication failures: 0 Statistics - Requests Total % of Requests --------------------------------------------------- Total Received Requests: 4 - Forced Reloads: 0 0.0 Client Errors: 0 0.0 Server Errors: 0 0.0 URL Blocked (Reset): 0 0.0 URL Blocked: 0 0.0 Sent to Outgoing Proxy: 0 0.0 Failures from Outgoing Proxy: 0 0.0 Excluded from Outgoing Proxy: 0 0.0 ICP Client Hits: 0 0.0 ICP Server Hits: 0 0.0 If-Range Hits: 0 0.0 HTTP 0.9 Requests: 4 100.0 HTTP 1.0 Requests: 0 0.0 HTTP 1.1 Requests: 0 0.0 HTTP Unknown Requests: 0 0.0 Non HTTP Requests: 0 0.0 Non HTTP Responses: 0 0.0 Chunked HTTP Responses: 0 0.0 Http Miss Due To DNS: 0 0.0 Http Deletes Due To DNS: 0 0.0 agra#sho stat http savings Statistics - Savings Requests Bytes ----------------------------------------------------------- Total: 4 3132 Hits: 3 2349 Miss: 1 783 Savings: 75.0 % 75.0 % agra#sho stat netstat Active Internet connections (w/o servers) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 188.8.131.52:8999 10.48.66.123:2011 ESTABLISHED udp 0 0 127.0.0.1:10000 127.0.0.1:32346 ESTABLISHED udp 0 0 127.0.0.1:10001 127.0.0.1:32347 ESTABLISHED udp 0 0 127.0.0.1:10002 127.0.0.1:32345 ESTABLISHED
If access list 100 is applied to inbound traffic on FastEthernet 0/48, a message similar to the following should be sent to the console for each HTTP packet sent by the client browser to the Internet:
*Mar 1 04:19:09: %SEC-6-IPACCESSLOGP: list 109 permitted tcp 184.108.40.206(1828) -> 10.48.66.125(80), 1 packet
On the Content Engine, the following commands allow you to see the number of packets sent by the Content Engine:
show statistics http requests
show statistics netstat
show statistic http savings
All packets sent out to the internet have a source IP address identical to the Content Engine, except when the Content Engine is in bypass mode and the requests are sent by the client PC source IP address instead.
The Cisco Support Community is a forum for you to ask and answer questions, share suggestions, and collaborate with your peers.
Refer to Cisco Technical Tips Conventions for information on conventions used in this document.